If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

I recently purchased a program called Adware Away because I was infected with the &quot;about:blank&quot; homepage hijacker.
I was running Norton Internet Security 2006 along with Ad-Aware SE Plus 1.06 and everything was set to automatically update and look
for new definitions.
Anyway, I purchased the program Adware Away and it
removed the
&quot;about:blank&quot; hijacker, but I ended up reformatting
and re-installing WinXP and dumping Norton Internet Security and Ad-Aware SE Plus for ZoneAlarm Internet Security (I hope this was a good move...we will see).
Now to the point,when I run an Adware Away scan,it disables my
ZoneAlarm Secuirty Suite
&quot;load at windows startup feature&quot;.
When I reboot
WindowsXP, ZoneAlarm
does not load automatically and when I manually open ZoneAlarm
I notice the check mark has been
removed from &quot;Load ZoneAlarm Security Suite at startup.&quot;
I then re-applied the check mark to load at startup and I applied a password to protect ZoneAlarm settings.
I rebooted WinXP and observed ZoneAlarm load with no problems.
I then ran an Adware Away scan and rebooted WindowsXP.To my surprise, the password protection in ZoneAlarm was not enough to prevent Adware Away from disabling ZoneAlarm's load at startup feature.
In my opinion this is a very severe vulnerability and I know everybody is going to say that Adware Away is a rogue anti-spyware utility, but it's not.
I spent $29.95 on this program and it did what it's supposed to.
Before I purchased it, I read reviews and made sure it was a legitimate program.
The concern here is that if Adware Away can prevent ZoneAlarm Internet Security from loading when WinXP loads, it is safe to assume that any other program can also be designed to defeat the automatic load feature and take advantage in order to
introduce a virus or malware into the system.
All I am saying is that I expected more from the password protection in ZoneAlarm.
The load at startup setting needs to be protected via password so that it is impossible to disable it.
I have contacted Adware Away tech support to notify them that this is happening and I will also notify ZoneAlarm tech support and hopefully a fix will be released soon.
My ZoneAlarm is up-to-date in case anybody is wondering, and this is not the free version.
I purchased a 3-pc license of the Internet Security Suite 6.5.
I welcome any suggestions or comments.

This freeware would have done the job without developing any issues- Superantispyware or Ewido.

Also there are several security sites such as antivirus software makers that have manual repair or instructions to fix this without the use of any software installation or purchases. Plus there are so many free and respectable tools on the internet to fix these types of problems that the need for so many third party antispy is almost non existant.

Solutions to your inquiry:

First there should be a section in this new antispy to completely exclude the ZA folder or ZA executibles- vsmon.exe and the zlclient.exe- from it's scanner and it guard or protector.

Second the database in the ZA needs to be reset, since it has been corrupted

1) Boot your computer into the Safe Mode.

2) Navigate to the c:\windows\internet logs folder.

3) Delete the backup.rdb and iamdb.rdb files in the folder.

4) Run the Disk cleaner or empty the Recycle Bin.

5) Reboot into the normal mode.

6) All previous data and settings in the ZA are gone and it now starts fresh as the day it was installed.

Third Keep checking the Rogue antispy list at spywarewarrior.com. Any new mention of a spyware scanner just gives me the "paranoid mode" at the thought of so many rogue applications that are out there preying on users.

Oldsod,
Thanks for your quick response, but I'm still puzzled and disappointed that this took place.
ZoneAlarm
is required to
load with WindowsXP to protect my PC.
If any program has the ability to modify ZoneAlarm's settings (even with password protection) this is a security
risk that needs to be patched immediately
by Zone Labs.

Honestly, I am very disappointed that Adware Away so easily
tampered with my PC's primary security software.
Adware Away can not be customized to exclude folders or executibles, but that is beside the point and honestly the least of my worries.
I will uninstall
Adware Away
and take the $29.95 hit, but I will say that this program performed extremely well in solving my problem even after all manual repair methods and other freeware scanners failed.
But back to the main issue, why was ZoneAlarm so easily defeated and what will be done by Zone Labs to prevent other programs from disabling the auto load feature?
ZoneAlarm is required to load with Windows to protect my PC.
In my opinion a password should lock settings to prevent tampering and this doesn't seem to be happening.

You are absolutely right! This should have never happened to begin with.

My solution or prevention is simple - System Safety Monitor (freeware). Excellent HIPS that does work very well. And would have stopped anything like this from happening in the first place.
Along with the ProActive Defense from the KAV6, the PC is locked down and very secure. ZA OS firewall makes a nice compliment for the firewall security.

Somewhere was there an Alert from the Zone Alarm allowing or asking about the Adware activity or processes concerning this?
Were there any indication from Adware that the ZA was a threat to be removed?
Is it possible there was a mistaken removal of ZA from services or run by Adware? Or in the other Windows files?

Oldsod,
I appreciate the information you have provided.
To answer your three questions...
Somewhere was there an Alert from the Zone Alarm allowing or asking about the Adware activity or processes concerning this?
Negative, ZoneAlarm did not produce any warning or alert.
Were there any indication from Adware that the ZA was a threat to be removed?
No, I did not receive a threat removal
advisory or one that required my confirmation.

Is it possible there was a mistaken removal of ZA from services or run by Adware? Or in the other Windows files?
After some of my own research and with the help of Ad-Aware SE Plus 1.06, specifically the real-time protection of Ad-Watch, I have confirmed that the program Adware Away was deleting
the Zone Alarm registry key value &quot;zone labs client&quot; in the root:
&quot;HKEY_LOCAL_MACHINE&quot;, data:
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe.
This is a result of the Adware Away &quot;Specialized Remover&quot; scan and not part of the &quot;Global Scan.&quot;

Ad-watch is protecting my system settings and ZoneAlarm settings very well because I can simply select &quot;block&quot; to prevent registry values from being deleted, thus preventing ZoneAlarm from automatically loading with WinXP.

Oldsod,
I'll wrap things up by saying that I just received an email
from
Adware Away's tech support.
They provided me a new .dll file to install in the Adware Away folder.
The new .dll file replaced the old .dll and Adware Away no longer tampers with ZoneAlarm's auto load setting.
I know Adware Away is not a well known and popular anti-spyware program, but I am really satisified with the cleaning results and the top-notch tech support I received (less than two days to provide a patch that fixed my conflict with ZoneAlarm).
I recommend it to anyone who has hard to remove malware.
Thanks.

Jeruselem
Kaspersky is similiar- free phone support. Plus their forum is populated with both employees and contributors- excellent answers can be quickly found. Fixes and patches are released with hours of their discovery.